Le Jeudi 28 Janvier 2010 22:30:41, Deepak Rao a écrit : > On Thu, Jan 28, 2010 at 12:39 AM, Luis Daniel Lucio Quiroz > > <luis.daniel.lu...@gmail.com> wrote: > > Le Mercredi 27 Janvier 2010 12:05:32, Deepak Rao a écrit : > >> Hi, > >> > >> I have a squid setup requirement in my project for which I could not > >> find an answer. Any pointers will be helpful... > >> > >> The setup is as follows: I have multiple reverse proxies serving web > >> pages to clients. A load balancer front-ends the reverse proxies. The > >> reverse proxies can be configured as siblings. > >> > >> The client requests contain HTTP Digest headers and needs to be > >> authenticated at my server side (using proxy_auth?) The requests from > >> a client can be served by any of the reverse proxies & no state is > >> maintained on the server. Stickiness is also not possible. > >> > >> The issue is: > >> When the first request (REQ1) comes from client 1, server responds > >> back with 401 Unauthorized (WWW-Authenticate) and sets a nonce value > >> (N1) [all this is handled by the reverse proxy itself] > >> > >> Now when the client 1 sends the request (REQ1) again with all the > >> digest headers (using nonce N1), this request is received by another > >> reverse proxy. For this reverse proxy, the nonce N1 is unknown and > >> hence it returns again 401 Unauthorized as response with stale=true > >> for the nonce N1! Thus the request is never getting served rightly > >> > >> How do I handle this scenario? Is there a way to make all reverse > >> proxies share the same nonce pool? > >> > >> Any other alternatives for my requirement is also welcome. > >> > >> Thanks, > >> Deepak > > > > Easygoing, if you are using digest auth, use some persistency in your > > balances et voila! you are done. dont use RoundRobin, > > yes that would be the best way. Unfortunately, the servers are hosted > on third party infrastructure and their load balancer does not provide > any stickiness. The laod balancer just uses round-robin to pass > requests to various reverse-proxies.
You wont using Roundrobing, you MUST use a persistency,
